Banking Trojans dominated in July

Aug 29, 2013

The results of spam monitoring in July point to a lack of variety among malware targets — nearly every malicious programme launched during the month was after personal user data.
Most cases involved malicious programmes from banking Trojan families that use personal data to access online banking services. The notorious Zbot/ZeuS spyware programme alone accounted for 23% of all malicious attachments and targeted online banking service users logging in on a Windows system or using an Android mobile device.

More often than not, malicious users use fake e-mails seeded with the Zbot Trojan that are designed to look like an official notification from banks, online stores, social networks, or popular delivery services. Fake messages using the Bank of America name were particularly popular with scammers in July.

The malware intercepts browser requests to the bank’s Web site, and instead suggests that the user fill out various and sundry “additional information” in order to “ensure security”.

However, instead of successfully logging in, the banking Trojan obtains unauthorised access to the user’s money. The variations of this Trojan targeting the Android operating system now allow malicious users to intercept transaction confirmation codes that banks typically send to users (by text message, for example), and then reroute these codes to themselves.

July also saw a new entry in the Top 20 e-mail threats. SMS-Flooder.AndroidOS.Didat.a, which targets the mobile Android operating system, ranked 15th and set a new record for this class of programme. Its functions allow it to orchestrate and send mass text messages.

Commenting on spam developments in July 2013, Darya Gudkova, head of Kaspersky Lab’s Content Analysis Department, says: “Malicious users targeting Android devices are showing no signs of taking a break. The appearance of this new threat in the Top 20 spam ratings confirms our expectations – the steady growth of Android users will inevitably lead to an increase in the number and variety of these types of threats.

“These programmes capable of sending out text messages will no doubt soon be joined by Trojans that steal confidential data.”

Naturally, major world events also figured in July’s spam mailings. The birth of the heir to the British throne, the trials and tribulations of whistleblower Edward Snowden, the removal of Egypt’s President Morsi — all of these events were exploited to attract attention to spam advertisements for various goods or so-called Nigerian scam e-mails that attempt to extract money from gullible recipients.